Buffer Overflow in PFCP Library of Open5GS Products
CVE-2025-44951

7.1HIGH

Key Information:

Vendor: Open5GS
Status: PFCP Library
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-44951?

A missing length check in the ogs_pfcp_dev_add function of the PFCP library utilized by Open5GS allows local attackers to exploit a buffer overflow. By manipulating the session.dev field with a value exceeding 32 bytes, an attacker can potentially destabilize the application and execute arbitrary code. This vulnerability affects multiple versions of Open5GS and requires immediate attention.

References

https://github.com/open5gs/open5gs/issues/3775

https://gist.github.com/scmdcs/6d878d6074f0e2f4a8fb69e986...

https://github.com/open5gs/open5gs/commit/e3dd98cd291fba2...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 22, 2025

JSON